Main Vulnerability Database Vulnerabilities #VU14697

Improper input validation in Cisco Prime Access Registrar - CVE-2018-0421

Published: September 5, 2018 / Updated: September 7, 2018

Vulnerability identifier: #VU14697

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-0421

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Prime Access Registrar

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in TCP connection management in Cisco Prime Access Registrar due to incorrect handling of incoming TCP SYN packets to specific listening ports. A remote attacker can send a specially crafted stream of TCP SYN packets and cause the application to eventually restart if a file description cannot be obtained.

How to mitigate CVE-2018-0421

The vulnerability has been fixed in the versions 7.3.0.4 and 8.0.1.1.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cpar-dos

Improper input validation in Cisco Prime Access Registrar - CVE-2018-0421

Detailed vulnerability description

How to mitigate CVE-2018-0421

Sources

Please verify you're human